Uses too much entropy (Debian Bug #343085)
Simon Josefsson
simon at josefsson.org
Fri Jan 4 17:08:03 CET 2008
Werner Koch <wk at gnupg.org> writes:
>> Another solution, how about to refuse to give out entropy to processes
>> not listed in a world-readable but root-writable file
>> /etc/libgcryptd.conf file?
>
> Well it is experimental and I had similar ideas. If I remember right I
> implemented the daemon thing when we first talked about the exim problem
> or to help other short-living processes.
So I guess the question is for the exim people: which approach do you
prefer?
1) Require that the system run the libgcrypt daemon to maintain a
global randomness pool. (Or if the user uses a kernel that doesn't
have PRNG saturation problems that Linux does... anyone knows if
FreeBSD or GNU/Hurd have similar issues?)
2) To make exim link to and call libgcrypt's functions to read and
update a random seed file instead?
3) continue discussing other solutions...
For simplicity and non-experimentalness, I would recommend 2). I can
assist in implementing this in exim, if that would help. We'd
definitely need a good example of how to do this in the gnutls manual
anyway.
/Simon
More information about the Gnutls-devel
mailing list